somnia-reactivity

Warn

Audited by Snyk on May 7, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md shows the SDK subscribing over the public Somnia WebSocket/RPC endpoint (e.g., wss://api.infra.testnet.somnia.network) and handling arbitrary contract events and state in onData and on-chain handlers (e.g., sdk.subscribe/onData, decoded eventTopics/data, and examples that call execSync to run zerion). Untrusted, user-generated blockchain events emitted by third-party contracts are therefore ingested and can drive commands and actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly provides crypto wallet/session management (session seed = private key, createWalletClient/createSessionClient) and on-chain write capabilities, and includes concrete examples that execute token swaps (execSync calling zerion swap ...) and scheduled/automated trading patterns (copy-trade, DCA, protective swaps). These are specific, actionable crypto/transaction capabilities (wallet signing and swaps), not just generic tooling, and therefore enable direct financial execution.

Issues (2)

W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

Risk Level: MEDIUM
Analyzed: May 7, 2026, 06:42 AM
Issues: 2